Vista Ultimate x64 - Accounts lock when making changes to accounts
The Setup: OS: Vista x64 Ultimate Workgroup: Single computer involved Accounts: AdminMe, AdminMe2, test(standard), test2(standard), Me(standard) Major features used: User Accounts, Parental Controls, and other 'User Accounts' related features. Fast User Switching = Enabled Lockout policy: Lockout Threshold = 7 invalid attemps; Lockout Duration = 30 minutes (I changed this to 3 minutes for testing) The Situation: Lets assume I'm logged in as 'test'. When I am trying to access restricted portions of control panel for maintenance (such as, manage another account), UAC prompts for elevation. When I enter my admin password for 'AdminMe' it displays the list of accounts for me to manage. However if I look at the Security Event logs (can be provided upon request) it shows that my 'test' account first tried to access each of my accounts with Audit failure. It then shows successful UAC elevation, followed by (when going in to 'Manage another User account' but not 'Parental Controls') another string of failures. If I exit Users/Parental and go back in enough times within my designated time (such as when switching accounts to test changes or adjusting one account, leaving, deciding to make a few more changes and going back in, etc) it decides to lock some, or all accounts (don't know enough about securityto determine how it picks which accounts to lock) Possibly Useful Info: When going into 'Manage another User account' it displays blanks instead of pictures for all the users. When going into 'Parental controls' it gives the same audit failures but displays the pictures for all the users. Some of the SubjectUser's llisted doing the accessing are my 'test' account, some are my 'AdminMe' account (I suspect this is the difference between going in through 'Parental Controls' and going in through 'Mange another User account' but have yet to test it yet) My 'test' account has failed on itself My 'AdminMe' account has failed on itself when elevating to it The accounts locking sometimes won't even include the account I am logged in as and sometimes will Testing: Due to suspicion of profile corruption, test2, and AdminMe2 were both brand new accounts. I tested in the following fashion: Logged in as test, elevated to AdminMe -- accounts locked Logged in as test, elevated to AdminMe2 -- accounts locked Logged in as test2, elevated to AdminMe -- accounts locked Logged in as test2, elevated to AdminMe2 -- accounts locked Logged in as AdminMe, Elevated to Self -- accounts locked Logged in as AdminMe2, Elevated to Self -- accounts locked Questions: I don't have a second Vista machine to test with but is this a *ahem* feature... of Vista? If so, is there a fix yet? If not, any ideas on what I did to get this to happen (besides turn on a Account lockout policy since I should be allowed to use this feature)? More information provided on request (please be specific, such as; if you want failed security log info, do you want me to copy/paste the general tab, the details tab, both? do you want one, all from a single attempt, every log from the start of the process until accounts lock?) Many thanks in advance, Jason
October 14th, 2008 6:11am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics